<?php
include_once("common.inc.php");
require_once(_INC_PATH.'database.php');
require_once(_INC_PATH.'comment_statistic.php');

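// Legacy input escaping for every POST field.
// get_magic_quotes_gpc() has always returned false since PHP 5.4 and was
// removed in PHP 8.0, so it is only called on runtimes that still have the
// setting; the short-circuit keeps newer runtimes from hitting a fatal error.
if (version_compare(PHP_VERSION, '5.4.0', '>=') || !get_magic_quotes_gpc())
{
	foreach ($_POST as $pk => $v)
	{
		// A field posted as name[]=x arrives as an array; addslashes() only
		// accepts strings, so such values are blanked rather than passed on.
		$_POST[$pk] = is_string($v) ? addslashes($v) : '';
	}
}
// NOTE(review): addslashes() is not aware of the connection character set and
// is not a substitute for bound parameters or the driver's own escaping.
// Whether database::insert() escapes or binds values is not visible in this
// file -- confirm before relying on this loop as the SQL injection defence.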

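// Read the submitted form fields.
// A missing parameter, or one posted as an array, is treated as 0 / '' so the
// script neither raises undefined-index warnings nor turns an array into the
// integer 1 (which intval() does for any non-empty array).
// NOTE(review): no anti-CSRF token is read or checked in this file -- confirm
// that common.inc.php enforces one for state-changing POSTs.
// NOTE(review): the five rating values are stored as whatever integer was
// posted; the valid scale is not visible here, so clamp it where it is known.
$cor_id = (isset($_POST['cor_id']) && is_scalar($_POST['cor_id'])) ? intval($_POST['cor_id']) : 0;
$salary = (isset($_POST['salary']) && is_scalar($_POST['salary'])) ? intval($_POST['salary']) : 0;
$environment = (isset($_POST['environment']) && is_scalar($_POST['environment'])) ? intval($_POST['environment']) : 0;
$opportunity = (isset($_POST['opportunity']) && is_scalar($_POST['opportunity'])) ? intval($_POST['opportunity']) : 0;
$pressure = (isset($_POST['pressure']) && is_scalar($_POST['pressure'])) ? intval($_POST['pressure']) : 0;
$work_time = (isset($_POST['work_time']) && is_scalar($_POST['work_time'])) ? intval($_POST['work_time']) : 0;
$content = (isset($_POST['content']) && is_string($_POST['content'])) ? trim($_POST['content']) : '';

// NOTE(review): getIP() is defined elsewhere. If it trusts client-supplied
// headers such as X-Forwarded-For, the stored address can be spoofed and may
// carry arbitrary text into the insert below -- confirm it validates the value.
$ip = getIP();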

// Decide who the comment is attributed to and whether it is shown at once.
// Guests post under the _VISITOR name and are hidden (show_flg '0') only when
// _AUDITING is '1'; logged-in users are always shown immediately.
if (!checkIsLogin()) {
	$user_id = '';
	$user_name = _VISITOR;
	$show_flg = (_AUDITING == '1') ? '0' : '1';
} else {
	// NOTE(review): both values come from cookies through _getcookie(), which
	// is defined elsewhere. Confirm the cookies are integrity-protected
	// (signed or tied to a server-side session); otherwise a client can post
	// under any id / name and skip moderation.
	$user_id = _getcookie("id");
	$user_name = _getcookie("user_name");
	$show_flg = '1';
}

// A comment must reference a positive cor_id. Anything else (missing field,
// non-numeric text, negative number) shows the error, sends the browser to
// the site root and stops before any database work.
if ($cor_id < 1) {
	errorShow("对不起，评论时发生错误！如有疑问，请联系我们");
	echo '<script language="javascript">window.location.href="/";</script>';
	exit;
}
	


// Load the deny-word list. Errors are suppressed, so a missing file simply
// means no words are filtered (filterDenyWords() tolerates an empty list).
@include_once( _INC_PATH."denyWord.php" );

// HTML-escape the comment text first, then mask deny-listed words.
// NOTE(review): htmlspecialchars() runs with its default flags. Before
// PHP 8.1 the default (ENT_COMPAT) leaves single quotes unescaped, so confirm
// the stored text is only ever rendered in HTML text context, or pass
// ENT_QUOTES explicitly once the minimum PHP version is known.
$content = filterDenyWords( htmlspecialchars( $content ) );

// One timestamp is used for both create_time and update_time.
$nowTime = date("Y-m-d H:i:s");

// Assemble the row for tbl_estimate, key by key, in column order.
// NOTE(review): only $_POST values pass through the addslashes() loop at the
// top of this script. user_id / user_name (cookie-derived for logged-in
// users) and ip (from getIP()) do not, so they reach insert() as-is. Whether
// database::insert() escapes or binds its values is not visible in this
// file -- confirm it does.
$insertRow = array();
$insertRow["cor_id"] = $cor_id;
$insertRow["user_id"] = $user_id;
$insertRow["user_name"] = $user_name;
$insertRow["content"] = $content;
$insertRow["salary"] = $salary;
$insertRow["environment"] = $environment;
$insertRow["opportunity"] = $opportunity;
$insertRow["pressure"] = $pressure;
$insertRow["work_time"] = $work_time;
$insertRow["ip"] = $ip;
$insertRow["show_flg"] = $show_flg;
$insertRow["create_time"] = $nowTime;
$insertRow["update_time"] = $nowTime;
$insertRow["del_flg"] = '0';

// The result of insert() is not inspected; the script continues either way.
$db = new database();
$db->insert($insertRow, 'tbl_estimate');
$db->close();
// Record the time of this comment in a cookie that lives for 12 hours.
// NOTE(review): nothing in this file reads "commentltime". If it is meant to
// throttle repeat comments, remember it is stored client-side and can be
// dropped by the client -- confirm a server-side limit exists.
setcookie("commentltime", time(), time() + 3600 * 12, '/');

// Held-for-moderation comments only get an acknowledgement.
if ($show_flg != '1') {
	msgshow("感谢您的评论，您的评论正在审核中···");
	exit;
}

// Visible comments: resolve the return page, refresh the statistics for this
// cor_id, then redirect.
$location = delCommentPage();
$statistic = new Statistic($cor_id);
$statistic->updateStatistic();
Location($location);
exit;


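/**
 * Mask deny-listed keywords in a message.
 *
 * Every entry of the global $denyWordArray is used as a case-insensitive
 * PCRE pattern (delimiter "#") and each match is replaced with "#".
 * Empty or non-scalar entries are skipped: an empty pattern matches at every
 * position and would scatter "#" through the whole message.
 * If a pattern fails to compile or run, preg_replace() returns null; the
 * message is then left as it was instead of being wiped.
 *
 * NOTE(review): entries are not passed through preg_quote(), so regex
 * metacharacters (and "#") in an entry act as pattern syntax. If the list is
 * meant to hold plain words, quote them with preg_quote($denyWord, '#').
 *
 * @param string $msg Text to filter.
 * @return string The text with matches replaced by "#".
 */
function filterDenyWords($msg)
{
	global $denyWordArray;
	if (empty($denyWordArray) || !is_array($denyWordArray))
	{
		return $msg;
	}
	foreach ($denyWordArray as $denyWord)
	{
		if (!is_scalar($denyWord) || (string) $denyWord === '')
		{
			continue;
		}
		$filtered = preg_replace("#" . $denyWord . "#i", "#", $msg);
		if ($filtered !== null)
		{
			$msg = $filtered;
		}
	}
	return $msg;
}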

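/**
 * Show a JavaScript alert, then send the browser back to the referring page.
 *
 * The Referer header is supplied by the client, so it is:
 *  - defaulted to "/" when absent,
 *  - accepted only as an http(s) URL or a site-relative path, and
 *  - emitted as a JSON-encoded JavaScript string with <, >, &, ' and "
 *    hex-escaped, so it cannot close the string or the <script> element.
 *
 * NOTE(review): $msg is still written into the script unescaped; callers must
 * pass only fixed, trusted text (the one call visible in this file passes a
 * literal).
 *
 * @param string $msg Trusted message text for the alert box.
 * @return void
 */
function msgshow($msg)
{
	$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	if (!is_string($ref) || !preg_match('#^(?:https?://|/(?!/))#i', $ref))
	{
		$ref = '/';
	}

	$jsRef = json_encode($ref, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
	if ($jsRef === false || $jsRef === 'null')
	{
		// Encoding failed (e.g. invalid byte sequence): fall back to the site root.
		$jsRef = '"\/"';
	}

	echo '<script>alert("'.$msg.'");window.location.href='.$jsRef.'</script>';
}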

// Safety net only: every path through the script above already terminates.
exit;
?>